<?php
/**
* @file $Id: Modules.php 544 2007-06-03 22:03:18Z focus-sis $
* @package Focus/SIS
* @copyright Copyright (C) 2006 Andrew Schmadeke. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.txt
* Focus/SIS is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.txt for copyright notices and details.
*/
// Report level 1 (E_ERROR) only for the rest of the request.
error_reporting(1);

// Taken before Warehouse.php is loaded.
$start_time = time();
require_once('Warehouse.php');

// When PHP has not slash-escaped the request data itself (magic quotes off),
// run addslashes over it here.
// NOTE(review): array_rwalk is defined outside this file; presumably it applies
// the callback to every nested value -- confirm. Blanket slash-escaping does not
// replace parameterized queries in the modules that consume these values.
if (get_magic_quotes_gpc() == false) {
	array_rwalk($_REQUEST, 'addslashes');
}

// Tags are stripped from the request for every module except
// Reports/Calculations.php.
// NOTE(review): that module receives markup unfiltered, so it must escape
// whatever request data it writes back into the page.
if (!($_REQUEST['modname'] == 'Reports/Calculations.php')) {
	array_rwalk($_REQUEST, 'strip_tags');
}

// Outside PDF mode, start output buffering when the request asks for it or
// when the requested module lives under Library/.
if (!$_REQUEST['_FOCUS_PDF']) {
	if ($_REQUEST['_FOCUS_BUFFER'] == 'true'
	||  substr($_REQUEST['modname'], 0, 8) == 'Library/'
	){
		ob_start();
		// The dispatcher further down flushes the buffer when this flag is 'true'.
		$_REQUEST['_FOCUS_BUFFER'] = 'true';
	}
}

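// Page header. Skipped entirely when _FOCUS_PDF is present in the request.
// Emits the header via Warehouse('header'), the <body> tag, and -- for the
// "Top" menu layout -- the outer tables with Top.php inside the first one.
// The "Top" layout is used when the user's profile is neither admin nor
// teacher, or when the MENU preference is 'Top'.
if (!isset($_REQUEST['_FOCUS_PDF'])) {
	Warehouse('header');

	// Disabled condition kept from the original source:
	//if (strpos($_REQUEST['modname'],'misc/') ===false 
	//&& $_REQUEST['modname'] != 'Students/Student.php' 
	//&& $_REQUEST['modname'] != 'School_Setup/Calendar.php' 
	//&& $_REQUEST['modname'] != 'Scheduling/Schedule.php' 
	//&& $_REQUEST['modname'] != 'Attendance/Percent.php'
	//&& $_REQUEST['modname'] != 'Attendance/Percent.php?list_by_day=true' 
	//&& $_REQUEST['modname'] != 'Scheduling/MassRequests.php'
	//&& $_REQUEST['modname'] != 'Scheduling/MassSchedule.php' 
	//&& $_REQUEST['modname'] != 'Billing/Fees.php'
	//)

	// Pick the body background and top margin for the active layout.
	if (( User('PROFILE') != 'admin' 
	&&    User('PROFILE') != 'teacher' ) 
	|| Preferences('MENU') == 'Top'
	){
		// The closing quote belongs after the file name. The original closed the
		// attribute right after 'assets/themes/', so the theme path ended up
		// outside the attribute value.
		// NOTE(review): Preferences('THEME') is written into the attribute
		// unescaped; confirm it can only hold a known theme directory name.
		$background = "background='assets/themes/"
					. Preferences('THEME')
					. "/bg.jpg'"
					;

		$topmargin = 6;
	}
	else {
		$background = "background='assets/bg.gif'";
		$topmargin = 1;
	}

	// <body> tag plus the hidden tooltip container. The onkeypress handler is
	// only attached for Reports/Equations.php.
	echo "
<body	marginwidth='0'
		leftmargin='0'
		topmargin='$topmargin'
		border='0'
		onload='doOnload();'
		onclick='doOnBodyClick();' 
		" . ($_REQUEST['modname'] == 'Reports/Equations.php'
			? 'onkeypress="doOnKeyPress(window.event.keyCode);" '
			: '') . "
		" . $background . ">
	<div	id='Migoicons'
			style='visibility: hidden; 
					position: absolute; 
					z-index: 1000; 
					top: -100;'>
	</div>
	<script	language='JavaScript1.2'	type='text/javascript'>
		var TipId='Migoicons';
		var FiltersEnabled = 1;
		mig_clay();
	</script>";

	// "Top" layout: open the table that holds the top menu.
	if (( User('PROFILE') != 'admin' 
	&&    User('PROFILE') != 'teacher' ) 
	|| Preferences('MENU') == 'Top'
	){
		echo "
	<center>
		<table	width='100%'
				cellpadding='0'
				cellspacing='0'
				style='border-style: solid none none none;
						border-color: #000000;
						border-width: 1;'>
			<tr>
				<td		valign='top'>";
	}

/*  I dont see why we run the && false, it never runs, so why have it
	if (strpos($_REQUEST['modname'], 'misc/') === false 
	&& false
	){
		echo ' 
<script language="JavaScript">
	if (window  ==  top  
	&& (!window.opener 
		|| window.opener.location.href.substring(0
			, (window.opener.location.href.indexOf("&") != -1
			?window.opener.location.href.indexOf("&")
			:window.opener.location.href.replace("#","").length)
			) != window.location.href.substring(0
				,(window.location.href.indexOf("&") != -1
				?window.location.href.indexOf("&")
				:window.location.href.replace("#","").length)
				)    )
	){ 
		window.location.href = "index.php";
	}
</script>';
	}
*/
	// "Top" layout: pull in Top.php, close the menu table and open the table
	// that the module output is written into.
	if (( User('PROFILE') != 'admin' 
	&&    User('PROFILE') != 'teacher' ) 
	||  Preferences('MENU') == 'Top'
	){
		// Top.php is left out while a course is being chosen (except for
		// Grades/CourseBenchmarks.php) and when the request passes
		// include_top=false.
		if (( $_REQUEST['modfunc'] != 'choose_course' 
		||    $_REQUEST['modname'] == 'Grades/CourseBenchmarks.php' ) 
		&& $_REQUEST['include_top'] !== 'false'
		){
			require('Top.php');
		}
		echo "
				</td>
			</tr>
		</table>
		<table	width=100%
				height=88%
				cellpadding=0
				cellspacing=0
				style='border-style: none none none none;
						border-color: #000000;
						border-width: 1;'>
			<tr>
				<td		bgcolor='#FFFFFF'
						valign='top'
						height='100%'>";
	}
}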

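// Module dispatcher. Resolves the requested module path into $modname, decides
// whether the current user may run it, and includes it from modules/.
// A denied request prints a notice, optionally mails $FocusNotifyAddress, and
// ends the script.
if ($_REQUEST['modname'] 
||  $_REQUEST['_template_id']
){
	// PDF mode: start buffering. Nothing in this file flushes this buffer for
	// the PDF case -- presumably the module or a later include consumes it.
	if ($_REQUEST['_FOCUS_PDF'] == 'true') {
		ob_start();
	}

	if (strpos($_REQUEST['modname'], '?') !== false) {
		// "Module.php?key=value?key2=value2": the part before the first '?' is
		// the module path, the rest is a list of extra request variables that
		// are themselves separated by '?'.
		$vars = substr( $_REQUEST['modname']
					  , (strpos($_REQUEST['modname'], '?') + 1)
					  );

		$modname = substr($_REQUEST['modname']
						 , 0
						 , strpos($_REQUEST['modname'], '?')
						 );

		$vars = explode('?', $vars);

		foreach ($vars as $code) {
			// NOTE(review): eval() on text taken from the request. The only
			// thing between the request and the PHP parser is the slash-escaping
			// applied to $_REQUEST at the top of this file. Splitting on the
			// first '=' and assigning $_REQUEST[$key] = $value directly would
			// remove the need for eval. Values set here are re-parsed as
			// single-quoted literals, so that slash-escaping is stripped from
			// them again; consumers must not assume they are still escaped.
			// These assignments can also overwrite $_REQUEST['modname'], which
			// is why the access check below is tied to $modname.
			$code = "\$_REQUEST['" . str_replace('=', "']='", $code) . "';";
			eval($code);
		}
	}
	elseif ($_REQUEST['_template_id']) {
		// Replay the request that was saved in the session, minus the template
		// id and list index.
		$modname = $_SESSION['_REQUEST_vars']['modname'];
		unset($_SESSION['_REQUEST_vars']['_template_id']);
		unset($_SESSION['_REQUEST_vars']['LO_index']);

		foreach ($_SESSION['_REQUEST_vars'] as $key => $value) {
			$_REQUEST[$key] = $value;
		}
	}
	else {
		$modname = $_REQUEST['modname'];
	}

	// Remember this request in the session unless it is a list save, a PDF
	// request, a misc/ module other than Registration/Export, or the saved
	// reports page.
	if ($_REQUEST['LO_save'] != '1' 
	&& !isset($_REQUEST['_FOCUS_PDF']) 
	&& ( strpos($modname, 'misc/') === false 
	 ||  $modname == 'misc/Registration.php' 
	 ||  $modname == 'misc/Export.php' ) 
	&&   $modname != 'Reports/SavedReports.php'
	){
		$_SESSION['_REQUEST_vars'] = $_REQUEST;
	}

	$allowed = false;
	// Menu.php is expected to fill $_FOCUS['Menu'] with the programs available
	// to the current user (defined outside this file -- confirm).
	include 'Menu.php';

	// The access decision is made on $modname, the path that is actually
	// included below. The original tested $_REQUEST['modname'], which after the
	// query-string handling above is not necessarily the same string.
	if (!is_string($modname) || strpos($modname, '..') !== false) {
		// Never leave the modules/ directory: parent-directory segments and
		// non-string values are refused outright.
		$allowed = false;
	}
	elseif (substr($modname, -11) == '/Search.php') {
		$allowed = true;
	}
	elseif (substr($modname, 0, 5) == 'misc/') {
		$allowed = true;
	}
	else {
		foreach ($_FOCUS['Menu'] as $modcat => $programs) {
			foreach ($programs as $program => $title) {
				// The full request string must be a menu entry, and that entry
				// must name the same file as $modname (with or without a
				// '?...' suffix).
				if ($_REQUEST['modname'] == $program
				&& ( $modname == $program
				 ||  strpos($program, $modname . '?') === 0 )
				){
					$allowed = true;
					break 2;
				}
			}
		}
	}

	if ($allowed) {
		// With the SEARCH preference off, default search screens to list mode.
		if (Preferences('SEARCH') != 'Y' 
		&& !$_REQUEST['search_modfunc']
		){
			$_REQUEST['search_modfunc'] = 'list';
			$_FOCUS['modules_search'] = true;
		}

		include('modules/'.$modname);

		if ($_REQUEST['_FOCUS_BUFFER'] == 'true') {
			ob_end_flush();
		}
	}
	else {
		// Only a logged-in user gets the notice; everyone else just hits exit.
		if (User('USERNAME')) {
			echo "You're not allowed to use this program! 
					This attempted violation has been logged
					and your IP address was captured.";

			Warehouse('footer');

			// The mail body is the INSERT statement built by makeInsertSql; it is
			// mailed here, not executed in this file.
			if ($FocusNotifyAddress) {
				mail($FocusNotifyAddress
					, 'HACKING ATTEMPT'
					, makeInsertSql('HACKING_LOG'
						, array(  'HOST_NAME'     => $_SERVER['SERVER_NAME']
								, 'IP_ADDRESS'    => $_SERVER['REMOTE_ADDR']
								, 'LOGIN_DATE'    => date('Y-m-d')
								, 'VERSION'       => $FocusVersion
								, 'PHP_SELF'      => $_SERVER['PHP_SELF']
								, 'DOCUMENT_ROOT' => $_SERVER['DOCUMENT_ROOT']
								, 'SCRIPT_NAME'   => $_SERVER['SCRIPT_NAME']
								, 'MODNAME'       => $_REQUEST['modname']
								// User() is a function. The original wrote
								// $User('USERNAME'), a call through an undefined
								// variable that aborted the script before the
								// notification was sent.
								, 'USERNAME'      => User('USERNAME')
							   )
						)
					);
			}
		}
		exit;
	}

	// One-shot flag: clear it together with the selected staff id.
	if ($_SESSION['unset_student']) {
		unset($_SESSION['unset_student']);
		unset($_SESSION['staff_id']);
	}
}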

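// Template requests get their footer drawn by DrawTemplateHeaders.
if ($_REQUEST['_template_id']) {
	DrawTemplateHeaders('', 'footer');
}

// Page footer. Skipped entirely when _FOCUS_PDF is present in the request.
if (!isset($_REQUEST['_FOCUS_PDF']))
{
	// "Top" layout: close the content table opened by the page header.
	if ( ( User('PROFILE') != 'admin' 
	&&     User('PROFILE') != 'teacher' ) 
	|| Preferences('MENU') == 'Top'
	){
		echo "
				</td>
			</tr>
		</table>
	</center>";
	}

	// $menu_divs is not set in this file -- presumably by Menu.php; confirm.
	echo $menu_divs;

	// One Calendar.setup() call per date picker; $_FOCUS['PrepareDate'] is used
	// as the number of pickers, numbered from 1.
	for($i = 1; $i <= $_FOCUS['PrepareDate']; $i++) {
		echo '
<script type="text/javascript">
    Calendar.setup({
        monthField     :    "monthSelect' . $i . '",
        dayField       :    "daySelect' . $i . '",
        yearField      :    "yearSelect' . $i . '",
        ifFormat       :    "%d-%b-%y",
        button         :    "trigger' . $i . '",
        align          :    "Tl",
        singleClick    :    true
    });
</script>';
	}

	// Debug dump of $_FOCUS['sql_log'] inside an HTML comment.
	// '>' is encoded so that nothing in the dump can end the comment early and
	// be parsed as markup; the original printed the value raw.
	// NOTE(review): this sends the log to every client that views the page
	// source. If it holds the executed SQL (as the name suggests), gate it
	// behind a debug setting or drop it in production.
	echo "
<!--";
	echo str_replace('>', '&gt;', print_r($_FOCUS['sql_log'], true));
	echo "
-->
</body>
</html>";

}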

?>